All the latest UK technology news, reviews and analysis


Cross-site scripting attacks skyrocket 160 percent

29 Jan 2013
Security padlock image

The number of cross-site scripting attacks targeting businesses and consumers skyrocketed 160 percent during the last quarter of 2012, according to secure cloud hosting company Firehost.

Firehost reported that of the 64 million attacks it detected and blocked during the period, 2.6 million were cross-site scripting attacks. In the previous quarter the company only detected one million cross-site scripting attacks.

The increase means 57 percent of the threats detected by Firehost during the quarter were cross-site scripting attacks.

Below these attacks, directory traversal, SQL injection, and cross-site request forgery (CSRF) were highlighted as the three other largest threats, accounting for 15 percent, 16 percent and 12 percent of the attacks detected respectively.

Cross-site scripting is a basic tactic used by hackers. It works by inserting malicious code into insecure webpages letting the attacker manipulate where website visitors are directed.

Despite being basic, the attack strategy has a variety of applications and can be used to do everything from defacing websites to launching phishing attacks.

FireHost senior security engineer Chris Hinkley attributed the rapid increase in attack levels to a combination of most businesses' lax website security and the tactic's increased profitability during the holiday period.

"The change in frequency of the types of attacks between quarters gives you an idea of how cyber criminals are constantly working to identify the path of least resistance," said Hinkley.

"During the fourth quarter, e-commerce sites in particular would have been very busy with Christmas sales. Hackers will rapidly go after these high value targets with attacks that are highly automated and, if they are not yielding useful payloads, the attackers are equipped to quickly try a different type of attack.

"This is why it is important to have an understanding of the kind of traffic that is accessing your hosted infrastructure, so that you can make sure that malicious traffic is diverted and that there is less risk to sensitive data."

Firehost director of technology, Todd Gleason, highlighted hacktivist groups' use of the tactic as a second key contributor to the increase.

"Itʼs fairly obvious that, if you are a retailer or service provider dealing with private customer data or payment card details, your business will present an attractive target for hackers," said Gleason.

"That being said, we also see attacks that have the potential to simply deface or interfere with and disrupt websites and applications. Even though no data is lost, the reputation of a company can still be seriously damaged."

The ongoing prominence and tenacity of hacktivist groups has become a hot topic within the security industry. Most recently the Anonymous hacktivist collective re-entered the headlines after defacing a US Justice Department website to protest the death of internet activist Aaron Swartz.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson
About

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus
Poll

Tech gifts for Christmas 2014

Is a new tablet on your wish list this festive season, or have they become yesterday’s fad?
12%
23%
11%
6%
48%

Popular Threads

Powered by Disqus
iPhone 6 is available in silver gold and space grey

iPhone 6 video review

The best iOS handset to date

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv3may

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging

ibmv3may

Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

IT Project Manager

The Opportunity Excellent retail process and systems...

Test Analyst in Central London

Role Responsibilities : - To work within the Analyst...

IT Consultant – Technical Architect

IT Consultant – Technical Architect to work with a number...

Senior Network Engineer

Senior Network Engineer Fixed Term (2 years...
To send to more than one email address, simply separate each address with a comma.